Reflected XSS Vulnerability in Hive Support by Hive Support
CVE-2025-32666

7.1HIGH

Key Information:

Vendor: Hive Support
Status: Hive Support
Vendor: CVE Published:; 17 April 2025

🔔 Create Hive Support Vulnerability Alert

What is CVE-2025-32666?

Hive Support exhibits a reflected cross-site scripting vulnerability that arises from inadequate input sanitization during web page generation. This flaw allows attackers to inject malicious scripts into the web pages viewed by users, potentially leading to data theft or session hijacking. Affected versions include all prior to and including 1.2.2, which puts users at risk if they do not implement proper security measures.

Affected Version(s)

Hive Support <= 1.2.2

References

https://patchstack.com/database/wordpress/plugin/hive-sup...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

JSON